CVE-2003-0161
CVE-2003-0161
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/24não verificadoexploitdbwww.exploit-db.com/exploits/22442não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txtftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.ascftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txtftp://patches.sgi.com/support/free/security/advisories/20030401-01-Phttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614http://lists.apple.com/mhonarc/security-announce/msg00028.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.htmlhttp://marc.info/?l=bugtraq&m=104896621106790&w=2http://marc.info/?l=bugtraq&m=104897487512238&w=2http://marc.info/?l=bugtraq&m=104914999806315&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1